Search Results (362462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40635 1 Craftercms 1 Crafter Cms 2024-11-21 6.4 Medium
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
CVE-2022-40634 1 Craftercms 1 Crafter Cms 2024-11-21 6.4 Medium
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
CVE-2022-40631 1 Siemens 60 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 57 more 2024-11-21 6.1 Medium
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.
CVE-2022-40626 2 Fedoraproject, Zabbix 2 Fedora, Zabbix 2024-11-21 4.8 Medium
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
CVE-2022-40623 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2024-11-21 8.8 High
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
CVE-2022-40622 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2024-11-21 8.8 High
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
CVE-2022-40621 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2024-11-21 7.5 High
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.
CVE-2022-40609 2 Ibm, Redhat 3 Sdk, Enterprise Linux, Rhel Extras 2024-11-21 8.1 High
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
CVE-2022-40608 1 Ibm 1 Spectrum Protect Plus 2024-11-21 7.5 High
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.
CVE-2022-40540 1 Qualcomm 32 Sd888 5g, Sd888 5g Firmware, Sd 8 Gen1 5g Firmware and 29 more 2024-11-21 8.4 High
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
CVE-2022-40539 1 Qualcomm 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more 2024-11-21 8.4 High
Memory corruption in Automotive Android OS due to improper validation of array index.
CVE-2022-40538 1 Qualcomm 26 Ar8035, Ar8035 Firmware, Qca8081 and 23 more 2024-11-21 7.5 High
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.
CVE-2022-40537 1 Qualcomm 324 Apq8009, Apq8009 Firmware, Apq8009w and 321 more 2024-11-21 7.3 High
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
CVE-2022-40536 1 Qualcomm 162 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 159 more 2024-11-21 7.5 High
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
CVE-2022-40535 1 Qualcomm 142 Csr8811, Csr8811 Firmware, Ipq8070a and 139 more 2024-11-21 7.5 High
Transient DOS due to buffer over-read in WLAN while sending a packet to device.
CVE-2022-40533 1 Qualcomm 220 Csra6620, Csra6620 Firmware, Csra6640 and 217 more 2024-11-21 6.2 Medium
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
CVE-2022-40532 1 Qualcomm 706 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 703 more 2024-11-21 8.4 High
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVE-2022-40531 1 Qualcomm 568 Apq8009, Apq8009 Firmware, Apq8017 and 565 more 2024-11-21 8.4 High
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
CVE-2022-40530 1 Qualcomm 378 Aqt1000, Aqt1000 Firmware, Ar8031 and 375 more 2024-11-21 8.4 High
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
CVE-2022-40529 1 Qualcomm 392 Aqt1000, Aqt1000 Firmware, Ar8031 and 389 more 2024-11-21 7.1 High
Memory corruption due to improper access control in kernel while processing a mapping request from root process.